unbound icon indicating copy to clipboard operation
unbound copied to clipboard
verified publisher icon NLnetLabs

On FreeBSD: warning: so-sndbuf 4194304 was not granted. Got 9216.

Open mog01 opened this issue 3 months ago • 10 comments

Hi,

I read from the release notes that some buffer tweaks were added to Unbound version 1.24.0; I checked previous issues and the mailing list but couldn't find reference to what I'm seeing. Thanks in advance!

Description With updating to 1.24, I noticed this warning message appears when Unbound is started:

warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
warning: so-sndbuf 4194304 was not granted. Got 9216. To fix: start with root permissions(linux) or
sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).

The numbers in the warning message seem to mismatch the operating system's defaults:


# sysctl -a | grep maxsockbuf
kern.ipc.maxsockbuf: 2097152
net.netlink.nl_maxsockbuf: 536870912

# sysctl -a | grep 9216
vm.uma.mbuf_jumbo_9k.keg.rsize: 9216
vm.uma.mbuf_jumbo_9k.size: 9216
net.inet.udp.maxdgram: 9216
net.inet.raw.recvspace: 9216
net.inet.raw.maxdgram: 9216

If I happen to explicitly set "so-sndbuf: 0" in unbound's configuration file, the warning message is not reported.

After checking the numbers in the error message, I'm unsure which value for kern.ipc.maxsockbuf Unbound is using.

To reproduce Steps to reproduce the behavior:

  1. Update Unbound to version 1.24.0.
  2. Leave "#so-sndbuf: 0" commented out in unbound.conf.
  3. service start unbound

Expected behavior I thought leaving so-sndbuf commented out (presumably with a default of 0) would be the same as explicitly setting it to "0" myself. That doesn't seem to be what's happening for me though.

System: Unbound version: 1.24.0 OS: FreeBSD 14.3

unbound -V Version 1.24.0 Configure line: --with-libexpat=/usr/local --with-libnghttp2 --with-ssl=/usr --disable-dnscrypt --disable-dnstap --enable-ecdsa --disable-event-api --disable-gost --without-libevent --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd14.3 Linked libs: mini-event internal (it uses select), OpenSSL 3.0.16 11 Feb 2025 Linked modules: dns64 respip validator iterator

Additional information Config file:

server:
	statistics-cumulative: yes
	extended-statistics: yes
	interface: 0.0.0.0
	interface: ::0
	access-control: 127.0.0.0/8 allow
	access-control: 192.168.0.0/16 allow
	access-control: 10.0.0.0/8 allow
	local-zone: "10.in-addr.arpa." transparent
python:
dynlib:
remote-control:
	control-enable: yes
	control-interface: /var/run/unbound.ctl

mog01 avatar Oct 14 '25 11:10 mog01